This article will focus on the first one: Reducing your attack surface.

Once you understand that you cannot stop every attack, and that the attacker has a vast advantage over the defender, the next logical action to take is to reduce the number of attack vectors that a potential adversary may choose from.

Adobe and Microsoft. The vast majority of exploits today are run against Adobe and Microsoft client products, therefore the first step in reducing your attack surface is to switch from those clients to anything else that accomplishes the same task. In my case, for example, I replaced Adobe Acrobat Reader with an alternative free .pdf reader that I found on Cnet. I un-installed the entire Microsoft Office suite in favor of OpenOffice and a different email client. I also deactivated Internet Explorer (you cannot uninstall it from a Windows 7 machine) and use alternative browsers instead. Remember, this is not about brand loyalty. It's about security. By making these changes, you've just shrunk your attack surface by a considerable margin.

LinkedIn, Facebook, Twitter. Social networking applications have permeated our personal and professional lives. As a result, they represent a veritable gold mine of personal data which adversaries use to construct spear phishing attacks, target opposition groups, and mine for competitive advantage. The intelligence services of most nations use them to collect data on military deployments, for example, or to discern troop levels and conditions on the ground at various strategic locales. Since its almost impossible to defend against a pure social engineering attack, and since family members are often involved as well, the best plan of action is to reduce the size of your social networking footprint.

This strategy will serve you well regardless of how large or small your enterprise or government department is. If you can attend the Gov 2.0 Expo in Washington DC, please bring your own suggestions, questions, or arguments on this topic. We'll have plenty of time for a discussion.